Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2017-1720 Command Injection vulnerability in IBM Client Application Access and Notes
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC.
local
low complexity
ibm CWE-77
4.6
2018-02-13 CVE-2017-1711 Untrusted Search Path vulnerability in IBM Client Application Access and Notes
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a Windows DLL in the temp directory.
network
ibm CWE-426
6.8
2018-02-09 CVE-2018-1401 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0/9.0.0.0
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-02-09 CVE-2017-1761 Cross-site Scripting vulnerability in IBM Websphere Portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
2018-02-08 CVE-2012-3331 Information Exposure vulnerability in IBM Sametime
IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF.
network
low complexity
ibm CWE-200
5.0
2018-02-07 CVE-2018-1388 Information Exposure vulnerability in IBM Websphere MQ
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding.
network
low complexity
ibm CWE-200
5.0
2018-02-07 CVE-2018-1366 Unspecified vulnerability in IBM Content Navigator
IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection.
network
ibm
6.8
2018-02-07 CVE-2017-1785 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information.
network
low complexity
ibm CWE-200
4.0
2018-02-02 CVE-2016-0342 Improper Access Control vulnerability in IBM Tririga Application Platform
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access.
network
low complexity
ibm CWE-284
5.5
2018-02-02 CVE-2016-0329 Open Redirect vulnerability in IBM Emptoris Sourcing
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
ibm CWE-601
4.9